Ossec: The Great Makefile Refactor

This was an idea for a blog post around 1.5 years ago when the OSSEC team
started the the great refactor, but sadly I did nothing with it till now.

OSSEC build that always worked, but made me mad

OSSEC has been using a cross platform build script written in sh for ages.
This system had worked for ages and worked everyplace most of the time. See
that was the problem changes to the script were very error prone and always on
systems we did not have access to test on (I am looking at you AIX and HPUX).
Come to think about I don’t think a single release did not cause an issue due
to the sh build script.

Another thing about the build system the sprawl. To make changes you would
need to at least review all the following files:

install.sh

src/Config.Make

src/InstallServer.sh

src/InstallAgent.sh

src/Makeall

src/Makefile

**/Makefile (*at least 20 files)

This is a lot of places to check to made a change to the build. Before you ask
yes you needed to look into the install.sh has it had grown some logic that
was not in other scripts.

Given all this it easy to see why a change was needed, but the real reason I
hated this systems was the last file in the above list: Makefile. We have
1000’s of lines of logic in shell then still are using make incorrectly.

Early in the talk about changing the build system one thing that came up as a
requirement to not change the default install.sh interface. It’s simple and
friendly and people love it over the standard ./configure && make && make
install. So

One Makefile to rule them all

I had done this once before years ago with waf and that was not well
received in 2010, and while it’s a great build system OSSEC should not need
python to compile. The disdain autotools/autoconf was very apparent when ever
it came up in discussion.

The choice seamed clear once we started just require GNU Make.
This gave us a huge amount of flexibility and features, and is available on
every platform. While it’s not default on all the platforms that OSSEC
supports, but we thought it was a safe bet that someplace someone had a
packages for installing GNU Make.

I started to work and the first pull request and this started the
process of a day long hack-o-thon for the OSSEC team. This was single best
day of working on open source in my life. People just kept doing more and
feeding back and improving things so fast. It was great to see and be a part
of.

The new Makefile build does a lot of things in a single file and is very large,
but it handles everything in less code then the original system.

Build targets

OSSEC has a few major build targets: server, local, agent, and winagent. We
did not break this into two makefiles as their is so much overlap in code and
how they are built. We decided that command like argument would required for
which binaries to compile.

$ make TARGET=server
# or
$ make TARGET=agent

Inside the makefile the logic is simple and straight forward. As you can see
here:

Yeah we know, but this includes all the old logic that the scripts system
preformed and some new ones.

If anyone knows of a better way we would love to hear it ;)

Today

I in writing up this Blog post I went back end reviewed the changes to the
makefile over the last year and 1⁄2, and not major changes to structure or
logic have happened. Just new features and improvements, and looks like
a solid foundation.